The healthcare industry remains a prime target for ransomware attacks due to its critical nature, extensive use of IT and OT, and low tolerance for disruptions, as highlighted in Claroty/Team82’s State of CPS Security – Healthcare 2023 report. With phishing and BEC campaigns increasingly targeting healthcare organizations, vulnerabilities in their IT environments are exploited, posing threats not only to patient privacy but also to patient life. Challenges in patching vulnerabilities are exacerbated by the multitude of device manufacturers and the lengthy FDA certification process for patches, leading to a prevalence of ‘forever-day vulnerabilities’ in medical devices. Additionally, the reliance on unsupported operating systems and the integration of third-party devices further compound security risks. To mitigate these risks, the report recommends implementing network segmentation to isolate medical devices from corporate networks, thereby limiting the impact of potential compromises.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.